Detecting rootkits and other malicious code installed on a machine is potentially imperfect in that a CPU or device used to detect the malicious code may itself become compromised by the code. Moreover, the rootkits can be difficult to detect. For example, some scanners for detecting malicious code may include a programmable device which reads a target machine's memory space. But, as input/output memory management units (IOMMUs) can be used to remap traffic, a rootkit may manipulate the IOMMU to redirect memory reads of the rootkit's own memory to a benign copy of memory. In that instance, the conventional scanner would not detect the rootkit.